Privacy
Note on data protection
B+M Blumenbecker GmbH, represented by Dipl.-Kfm. Richard Mayer, Dipl.-Ing. Harald Golombek, Olaf Lingnau, is responsible for processing your personal data. In accordance with our legal obligations, we have appointed a data protection officer who you can contact at any time with questions about data protection. You can reach her/him at Biehn & Professionals GmbH, Wiesenstraße 32, 33397 Rietberg-Mastholte, datenschutz(at)blumenbecker.com.
What personal data and information is processed and for what purpose?
When reporting violations via "safe!hints", personal data (e.g. name, contact details, photos, reported facts, etc.) are processed.
- the person making the report (whistleblower)
- the person affected by a report (reported person)
- and the other persons named in a report (e.g. witnesses)
who are entered in the respective notification form. The data is processed by the persons responsible for receiving the reports or for taking follow-up action within the reporting office, insofar as this is necessary to check the reported incidents, to initiate follow-up action and, if necessary, to take remedial measures.
Access to incoming reports is granted to the persons responsible for receiving the report, i.e. our external data protection officer, the persons supporting him in the performance of his duties.
Disclosure of identities to the persons in our company responsible for taking follow-up measures as part of the internal reporting office only takes place insofar as this is necessary for checking the validity of the report or taking follow-up measures.
In order to take follow-up measures, it may be necessary to pass on information about the identity of the person making the report or about other circumstances from which his or her identity can be deduced to employees of other departments, such as the legal department or the management of our company or to external advisors (e.g. legal advisors). In each case, this is only done to the extent necessary and with regard to the identity of the person providing the information, only with their additional consent.
In addition, we may be obliged to disclose a reported incident and the identity of the whistleblower and other persons named in the report to the competent authorities on their instructions within the framework of investigative, administrative or judicial proceedings. The consent of the person making the report is not required for this purpose.
The infrastructure of the system, including websites and database, is operated by Biehn & Professionals GmbH, Wiesenstraße 32, 33397 Rietberg-Mastholte, on our behalf in accordance with Art. 28 DSGVO. Biehn & Professionals GmbH is contractually obliged to maintain strict confidentiality and to comply with all data protection requirements. In addition, our external data protection officer is subject to a special, statutory duty of confidentiality.
What is the legal basis for data processing?
Until the Hinweisgeberschutzgesetzes (HinSchG) comes into force, data processing is based on Art. 6 Abs. 1 lit. f DSGVO (legitimate interest). We have a legitimate interest in ensuring financial security on the international financial markets, preventing fraud and misconduct in relation to accounting, combating corruption, banking and financial crime or insider dealing and, in general, preventing violations within the company that are subject to criminal penalties and fines.
As of the entry into force of the HinSchG, Art. 6 Abs. 1 lit. c DSGVO in conjunction with § 10 HinSchG forms the legal basis for the processing of the personal data required to fulfil the tasks of the reporting offices.
Insofar as the person providing the information discloses his or her identity, the consent pursuant to Art. 6 Abs. 1 lit. a DSGVO is the legal basis for the processing of this data.
How long is the personal data stored?
Pursuant to § 11 HinSchG, the reports received, including all personal data contained therein, are deleted two years after the conclusion of the procedure in accordance with data protection law.
What rights does the data subject have?
According to Art. 15 DSGVO, you have the right to information about the personal data stored about you, about the purposes of the processing, about any transfers to other bodies and about the duration of the storage.
Pursuant to § 29 Abs. 1) S. 2 BDSG, the right to information of the data subject does not exist insofar as the information would reveal information that must be kept secret according to a legal provision or by its nature, in particular because of the overriding legitimate interests of a third party.
If data is incorrect or no longer required for the purposes for which it was collected, you may request that it be corrected (Art. 16 DSGVO), deleted (Art. 17 DSGVO) or restricted from processing (Art. 18 DSGVO). You can also make use of the right to data portability according to Art. 20 DSGVO.
In justified cases, you may object to processing based on our legitimate interest pursuant to Art. 21 DSGVO.
If you have any questions about your rights and how to exercise them, please contact your HR department or the company data protection officer.
If you have any concerns or questions about the processing of your personal data and information, you can contact our data protection officer using the contact details above.
You also have the right to lodge a complaint with the data protection supervisory authority responsible for our company.
What personal data and information is processed and for what purpose?
When reporting violations via "safe!hints", personal data (e.g. name, contact details, photos, reported facts, etc.) are processed.
- the person making the report (whistleblower)
- the person affected by a report (reported person)
- and the other persons named in a report (e.g. witnesses)
who are entered in the respective notification form. The data is processed by the persons responsible for receiving the reports or for taking follow-up action within the reporting office, insofar as this is necessary to check the reported incidents, to initiate follow-up action and, if necessary, to take remedial measures.
Access to incoming reports is granted to the persons responsible for receiving the report, i.e. our external data protection officer, the persons supporting him in the performance of his duties.
Disclosure of identities to the persons in our company responsible for taking follow-up measures as part of the internal reporting office only takes place insofar as this is necessary for checking the validity of the report or taking follow-up measures.
In order to take follow-up measures, it may be necessary to pass on information about the identity of the person making the report or about other circumstances from which his or her identity can be deduced to employees of other departments, such as the legal department or the management of our company or to external advisors (e.g. legal advisors). In each case, this is only done to the extent necessary and with regard to the identity of the person providing the information, only with their additional consent.
In addition, we may be obliged to disclose a reported incident and the identity of the whistleblower and other persons named in the report to the competent authorities on their instructions within the framework of investigative, administrative or judicial proceedings. The consent of the person making the report is not required for this purpose.
The infrastructure of the system, including websites and database, is operated by Biehn & Professionals GmbH, Wiesenstraße 32, 33397 Rietberg-Mastholte, on our behalf in accordance with Art. 28 DSGVO. Biehn & Professionals GmbH is contractually obliged to maintain strict confidentiality and to comply with all data protection requirements. In addition, our external data protection officer is subject to a special, statutory duty of confidentiality.
What is the legal basis for data processing?
Until the Hinweisgeberschutzgesetzes (HinSchG) comes into force, data processing is based on Art. 6 Abs. 1 lit. f DSGVO (legitimate interest). We have a legitimate interest in ensuring financial security on the international financial markets, preventing fraud and misconduct in relation to accounting, combating corruption, banking and financial crime or insider dealing and, in general, preventing violations within the company that are subject to criminal penalties and fines.
As of the entry into force of the HinSchG, Art. 6 Abs. 1 lit. c DSGVO in conjunction with § 10 HinSchG forms the legal basis for the processing of the personal data required to fulfil the tasks of the reporting offices.
Insofar as the person providing the information discloses his or her identity, the consent pursuant to Art. 6 Abs. 1 lit. a DSGVO is the legal basis for the processing of this data.
How long is the personal data stored?
Pursuant to § 11 HinSchG, the reports received, including all personal data contained therein, are deleted two years after the conclusion of the procedure in accordance with data protection law.
What rights does the data subject have?
According to Art. 15 DSGVO, you have the right to information about the personal data stored about you, about the purposes of the processing, about any transfers to other bodies and about the duration of the storage.
Pursuant to § 29 Abs. 1) S. 2 BDSG, the right to information of the data subject does not exist insofar as the information would reveal information that must be kept secret according to a legal provision or by its nature, in particular because of the overriding legitimate interests of a third party.
If data is incorrect or no longer required for the purposes for which it was collected, you may request that it be corrected (Art. 16 DSGVO), deleted (Art. 17 DSGVO) or restricted from processing (Art. 18 DSGVO). You can also make use of the right to data portability according to Art. 20 DSGVO.
In justified cases, you may object to processing based on our legitimate interest pursuant to Art. 21 DSGVO.
If you have any questions about your rights and how to exercise them, please contact your HR department or the company data protection officer.
If you have any concerns or questions about the processing of your personal data and information, you can contact our data protection officer using the contact details above.
You also have the right to lodge a complaint with the data protection supervisory authority responsible for our company.